Commit 7b6a0824 authored by Clément OUDOT's avatar Clément OUDOT

Invalidate CAS Service Ticket when it is used (#LEMONLDAP-775)

git-svn-id: svn://svn.forge.objectweb.org/svnroot/lemonldap/branches/lemonldap-ng_version_1_4-bugfixes@3573 1dbb9719-a921-0410-b57f-c3a383c2c641
parent 17b2008c
...@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Simple; ...@@ -10,7 +10,7 @@ use Lemonldap::NG::Portal::Simple;
use Lemonldap::NG::Portal::_CAS; use Lemonldap::NG::Portal::_CAS;
use base qw(Lemonldap::NG::Portal::_CAS Lemonldap::NG::Portal::_LibAccess); use base qw(Lemonldap::NG::Portal::_CAS Lemonldap::NG::Portal::_LibAccess);
our $VERSION = '1.4.2'; our $VERSION = '1.4.3';
## @method void issuerDBInit() ## @method void issuerDBInit()
# Nothing to do # Nothing to do
...@@ -143,6 +143,7 @@ sub issuerForUnAuthUser { ...@@ -143,6 +143,7 @@ sub issuerForUnAuthUser {
. $casServiceSession->data->{service}, . $casServiceSession->data->{service},
'error' 'error'
); );
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateError(); $self->returnCasValidateError();
} }
...@@ -160,6 +161,7 @@ sub issuerForUnAuthUser { ...@@ -160,6 +161,7 @@ sub issuerForUnAuthUser {
"Authentication renew requested, but not done in former authentication process", "Authentication renew requested, but not done in former authentication process",
'error' 'error'
); );
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateError(); $self->returnCasValidateError();
} }
} }
...@@ -175,6 +177,7 @@ sub issuerForUnAuthUser { ...@@ -175,6 +177,7 @@ sub issuerForUnAuthUser {
. " notfound", . " notfound",
'error' 'error'
); );
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateError(); $self->returnCasValidateError();
} }
...@@ -185,6 +188,7 @@ sub issuerForUnAuthUser { ...@@ -185,6 +188,7 @@ sub issuerForUnAuthUser {
$self->lmLog( "Get username $username", 'debug' ); $self->lmLog( "Get username $username", 'debug' );
# Return success message # Return success message
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateSuccess($username); $self->returnCasValidateSuccess($username);
# We should not be there # We should not be there
...@@ -263,9 +267,7 @@ sub issuerForUnAuthUser { ...@@ -263,9 +267,7 @@ sub issuerForUnAuthUser {
'error' 'error'
); );
# CAS protocol: invalidate ticket if service is invalid
$self->deleteCasSession($casServiceSession); $self->deleteCasSession($casServiceSession);
$self->returnCasServiceValidateError( 'INVALID_SERVICE', $self->returnCasServiceValidateError( 'INVALID_SERVICE',
'Submitted service does not match initial service' ); 'Submitted service does not match initial service' );
} }
...@@ -284,6 +286,7 @@ sub issuerForUnAuthUser { ...@@ -284,6 +286,7 @@ sub issuerForUnAuthUser {
"Authentication renew requested, but not done in former authentication process", "Authentication renew requested, but not done in former authentication process",
'error' 'error'
); );
$self->deleteCasSession($casServiceSession);
$self->returnCasValidateError(); $self->returnCasValidateError();
} }
...@@ -382,6 +385,7 @@ sub issuerForUnAuthUser { ...@@ -382,6 +385,7 @@ sub issuerForUnAuthUser {
. " notfound", . " notfound",
'error' 'error'
); );
$self->deleteCasSession($casServiceSession);
$self->returnCasServiceValidateError( 'INTERNAL_ERROR', $self->returnCasServiceValidateError( 'INTERNAL_ERROR',
'No session associated to ticket' ); 'No session associated to ticket' );
} }
...@@ -393,6 +397,7 @@ sub issuerForUnAuthUser { ...@@ -393,6 +397,7 @@ sub issuerForUnAuthUser {
$self->lmLog( "Get username $username", 'debug' ); $self->lmLog( "Get username $username", 'debug' );
# Return success message # Return success message
$self->deleteCasSession($casServiceSession);
$self->returnCasServiceValidateSuccess( $username, $self->returnCasServiceValidateSuccess( $username,
$casProxyGrantingTicketIOU, $proxies ); $casProxyGrantingTicketIOU, $proxies );
......
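Review bot: The ticket is invalidated by a separate `$self->deleteCasSession($casServiceSession);` call placed before each return in issuerForUnAuthUser (the hunks at new lines 143 through 397), so any exit path of the validate and serviceValidate handling that this commit does not touch would still leave the service ticket usable a second time. Since the intent is single use whatever the outcome, one call right after the ticket session is loaded, before the service, renew and session checks, would cover every path; that load is outside the visible hunks, so this needs confirming against the full function. The result of the call is also discarded on the success paths before `returnCasValidateSuccess` and `returnCasServiceValidateSuccess`; if deleteCasSession can report failure (its definition is not on the page), a failed delete should be logged at 'error' level rather than answering success while the ticket is still live. The hunk at 263 drops the only explanatory comment, so I would keep one at the call site, for example `# CAS protocol: a service ticket is valid for one validation attempt only, successful or not`.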